doubt reg. TLS and GSSAPI

On Fri, Apr 11, 2008 at 08:06:58PM +0530, Rahul Amaram wrote:
> Hi,
<snip>
> Now here are my doubts:
Do you have doubts because you have tried to use pidgin and failed or just
'because'? If you haven't tried I really suggest you do that before
asking, it can save everyone time.
> 1. Does pidgin check the certificate against the domain name
> (company.com) or the server name (jabber.example.com)? It currently
> seems to be verifying against the domain name. Is this expected behaviour?
In pidgin 2.4.0 and later the connect server should be used when a
hostname is specified in that field, the srv record host if no connect
server is specified and an srv record exists, and the domain otherwise.
> 2. When pidgin tries to fetch a ticket for the jabber service, which of
> the below is used as the servername for building the principal
> xmpp/servername@EXAMPLE.COM?
> - Domain company.com
> - Server jabber.example.com
> - Name got by resolving domain company.com and doing a reverse
> look-up on the IP (Pidgin seems to be doing this currently)
> - Name got by resolving server jabber.example.com and doing a
> reverse look-up on the IP (Shouldn't this be the expected behaviour?)
I believe this should function similarly to my answer above.
> 3. Is it necessary that the domain company.com be resolvable if I am
> filling the "Connect Server" field? If so, for what?
No, with a connect server the Domain entry should not need to be resolvable.
> Looking forward to an early response.
> Thanks and Regards,
> Rahul.
-Etan
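
Added example, not part of the original message and not pidgin's own code: the name-selection order given in the reply, applied to the host names from the question, to show which name a server certificate has to carry. The function names, the simplified wildcard matcher, the SRV target xmpp1.company.com and the certificate name lists are assumptions made for illustration; the principal is built on the reply's belief that ticket requests use the same selected name, ignoring any reverse-lookup canonicalisation.

```python
# Added illustration; not pidgin source code.

def reference_host(domain, connect_server=None, srv_target=None):
    """Pick the name to verify, in the order given in the reply
    (pidgin 2.4.0 and later): connect server, SRV host, then domain."""
    if connect_server and connect_server.strip():
        return connect_server.strip()
    if srv_target:
        return srv_target.rstrip(".")  # SRV targets are often written with a trailing dot
    return domain


def dns_name_matches(pattern, host):
    """Simplified matcher (assumption): case-insensitive comparison,
    '*' accepted only as the entire left-most label, covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:  # refuse overly broad names such as *.com
        return p[1:] == h[1:]
    return p == h


def cert_matches(cert_dns_names, host):
    """True if any DNS name listed in the certificate covers the host."""
    return any(dns_name_matches(name, host) for name in cert_dns_names)


def service_principal(host, realm, service="xmpp"):
    """Kerberos service principal in the service/host@REALM form."""
    return f"{service}/{host}@{realm}"


if __name__ == "__main__":
    # Constructed account settings based on the names used in the question.
    settings = [
        {"domain": "company.com", "connect_server": "jabber.example.com"},
        {"domain": "company.com", "srv_target": "xmpp1.company.com."},
        {"domain": "company.com"},
    ]
    # Constructed certificate name lists.
    certs = [["company.com"], ["jabber.example.com"], ["*.example.com"]]
    for s in settings:
        host = reference_host(**s)
        print(s, "->", host, service_principal(host, "EXAMPLE.COM"))
        for names in certs:
            print("   cert", names, "ok" if cert_matches(names, host) else "MISMATCH")
```

With the Connect Server field set to jabber.example.com, a certificate issued only for company.com is reported as a mismatch, which is the case the first question is about.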